The investigation into Ilya Sachkov, founder of Group-IB, a company known for information security and cybercrime analysis, has reached its conclusion according to officials cited by a major news agency.
Officials stated that the criminal case investigation has been completed, but details about the proceedings were not disclosed.
Sachkov was detained in Moscow in September 2021 and faces charges under Article 275 of the Criminal Code, relating to treason, with a potential prison term of up to 20 years. Case materials remain classified, and there is no publicly available information about the specific grounds for his arrest. At the time of detention, authorities conducted a search of Group-IB’s offices, with observers noting that the founder’s office drew particular attention. The case has been attributed to Sachkov as an individual rather than to the company as a whole.
Now 36, Sachkov co-founded Group-IB with Dmitry Volkov when he was 17. What began as a research-driven organization focused on investigating high-tech crimes and fraud using information technology evolved into an international firm that is widely regarded in the field of cybercrime investigation and prevention. In 2018, the company relocated its headquarters from Moscow to Singapore, with additional offices in Dubai, Amsterdam, Moscow, and the Republic of Tatarstan.
Group-IB’s client roster has included state-owned enterprises, major banks, online platforms, and media groups. Sachkov has met with Russian leaders on multiple occasions and has spoken before bodies such as the State Duma, the government, the Foreign Ministry, and regional councils.
Media reports from December 2021 suggested a possible link between the treason allegation and the Fancy Bears hacker group, a name often associated with claims of cyber activities tied to Russian intelligence. Some sources indicated that Sachkov may have briefed foreign authorities about the group and related cyber activities in the context of the 2016 U.S. presidential election. Group-IB has regarded such claims as speculative.
Another angle discussed by officials involved Sachkov’s purported efforts to expand business operations into Europe and North America, including his interactions with international security and law enforcement bodies.
Citing sources within Sachkov’s circle, Forbes noted that the arrest could also connect to public criticisms of a rival entity in the Russian cybercrime landscape. A meeting in 2020, attended by Prime Minister Mikhail Mishustin and IT entrepreneurs, reportedly involved remarks about a prominent cybercriminal figure and alleged cross-border fraud. Sachkov argued that negative depictions harmed the reputation of Russia’s information security sector in international markets.
Industry insiders have also linked the case to a prior 2016 investigation involving leaders of security agencies and antivirus firms. Sachkov reportedly appeared as a witness in related proceedings after investigations into treason, though details remain confidential.
Sachkov has publicly denied any guilt. In late 2021 he sought house arrest from authorities, describing the prosecution as an issue reminiscent of a historic political case. Statements from him emphasized his belief in his professional contributions and his loyalty to the home country, asking for a resolution that would allow restricted but continued work during the investigation.
There were reports that he had expressed concerns about detention conditions and limited correspondence while in pre-trial confinement. In December 2021 it was reported that Sachkov prepared a video message intended for close associates in the event of detention or worse, a move described by Forbes as a precautionary measure amid fears for personal safety and surveillance. Other individuals close to Sachkov suggested that an expectation of treason charges had grown in the months leading to his arrest.
Overall, the case has been a focal point for observers interested in the intersection of national security, cybercrime, and the Russian IT sector, with many questions about potential implications for international collaborations and the reputations of technology companies operating within Russia and abroad.
Attributions: reporting and analysis drawn from multiple sources in the cyber security and business press, with noted commentary about the possible connections to international security concerns and public statements by relevant figures. Readers should consider the broader context of state and corporate interests in information security and cross-border technology ventures when assessing the developing narrative.